<%@ page import="java.sql.*"%>
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%
String username = request.getParameter("username");
String userpwd =  request.getParameter("userpwd");
if(username.indexOf("'")>=1){
	out.println("非法注入！");
	return;
}
 	Class.forName("com.mysql.jdbc.Driver");
 	Connection conn = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/test","root","123456");
 	Statement stmt = conn.createStatement();
	ResultSet rs = stmt.executeQuery("select * from blackjuly where name='" + username + "' and " + "password='" + userpwd + "'");
	if(rs.next()==false){
		out.println("没有此用户，或者用户不存在！");
		response.setHeader("refresh", "3;URL=Login.html");
		return;
	}
out.println("登录成功！");
response.setHeader("refresh", "3;URL=Publish.html");
	conn.close();
	stmt.close();
	rs.close();
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>登录状态</title>
  </head>
  <%@ include file="State.jsp" %>
  <body>
	
  </body>
</html>